Fixed issue with TLS certificate that had no issuer CN (#4681)
parent
fbde2a87a5
commit
3a22bfbc24
|
@ -922,7 +922,7 @@ module.exports.CertificateOperations = function (parent) {
|
||||||
// Fetch the certificates names for the main certificate
|
// Fetch the certificates names for the main certificate
|
||||||
r.AmtMpsName = obj.pki.certificateFromPem(r.mps.cert).subject.getField('CN').value;
|
r.AmtMpsName = obj.pki.certificateFromPem(r.mps.cert).subject.getField('CN').value;
|
||||||
var webCertificate = obj.pki.certificateFromPem(r.web.cert);
|
var webCertificate = obj.pki.certificateFromPem(r.web.cert);
|
||||||
r.WebIssuer = webCertificate.issuer.getField('CN').value;
|
if (webCertificate.issuer.getField('CN') != null) { r.WebIssuer = webCertificate.issuer.getField('CN').value; } else { r.WebIssuer = null; }
|
||||||
r.CommonName = webCertificate.subject.getField('CN').value;
|
r.CommonName = webCertificate.subject.getField('CN').value;
|
||||||
r.CommonNames = [ r.CommonName ];
|
r.CommonNames = [ r.CommonName ];
|
||||||
var altNames = webCertificate.getExtension('subjectAltName');
|
var altNames = webCertificate.getExtension('subjectAltName');
|
||||||
|
@ -1005,6 +1005,7 @@ module.exports.CertificateOperations = function (parent) {
|
||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (parent.configurationFiles != null) {
|
if (parent.configurationFiles != null) {
|
||||||
console.log("Error: Vault/Database missing some certificates.");
|
console.log("Error: Vault/Database missing some certificates.");
|
||||||
if (r.root == null) { console.log(' Code signing certificate is missing.'); }
|
if (r.root == null) { console.log(' Code signing certificate is missing.'); }
|
||||||
|
@ -1074,7 +1075,8 @@ module.exports.CertificateOperations = function (parent) {
|
||||||
webPrivateKey = r.web.key;
|
webPrivateKey = r.web.key;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
var webIssuer = webCertAndKey.cert.issuer.getField('CN').value;
|
var webIssuer = null;
|
||||||
|
if (webCertAndKey.cert.issuer.getField('CN') != null) { webIssuer = webCertAndKey.cert.issuer.getField('CN').value; }
|
||||||
|
|
||||||
// If the mesh agent server certificate does not exist, create one
|
// If the mesh agent server certificate does not exist, create one
|
||||||
var agentCertAndKey, agentCertificate, agentPrivateKey;
|
var agentCertAndKey, agentCertificate, agentPrivateKey;
|
||||||
|
@ -1131,7 +1133,7 @@ module.exports.CertificateOperations = function (parent) {
|
||||||
|
|
||||||
// Fetch the certificates names for the main certificate
|
// Fetch the certificates names for the main certificate
|
||||||
var webCertificate = obj.pki.certificateFromPem(r.web.cert);
|
var webCertificate = obj.pki.certificateFromPem(r.web.cert);
|
||||||
r.WebIssuer = webCertificate.issuer.getField('CN').value;
|
if (webCertificate.issuer.getField('CN') != null) { r.WebIssuer = webCertificate.issuer.getField('CN').value; } else { r.WebIssuer = null; }
|
||||||
r.CommonName = webCertificate.subject.getField('CN').value;
|
r.CommonName = webCertificate.subject.getField('CN').value;
|
||||||
if (r.CommonName.startsWith('*.')) {
|
if (r.CommonName.startsWith('*.')) {
|
||||||
if (commonName.indexOf('.') == -1) { console.log("ERROR: Must specify a server full domain name in Config.json->Settings->Cert when using a wildcard certificate."); process.exit(0); return; }
|
if (commonName.indexOf('.') == -1) { console.log("ERROR: Must specify a server full domain name in Config.json->Settings->Cert when using a wildcard certificate."); process.exit(0); return; }
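Review bot: The new guard covers only the issuer CN; the very next line in both the -922 and -1131 hunks still reads `webCertificate.subject.getField('CN').value` unguarded, and `r.AmtMpsName` does the same for the MPS certificate, so a certificate whose subject carries no CN (SAN-only certificates are permitted) would presumably fail with the same null dereference this commit fixes for the issuer. The check also calls `getField('CN')` twice at each of the three sites; reading it once, e.g. `var issuerCN = webCertificate.issuer.getField('CN'); r.WebIssuer = (issuerCN != null) ? issuerCN.value : null;`, is easier to audit and could be shared with the -1074 hunk. The enclosing functions start and end outside these hunks, so whether a subject CN is guaranteed earlier cannot be confirmed from here.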
|
||||||
|
|
|
@ -3393,7 +3393,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
|
||||||
if (typeof obj.args.trustedcert == 'boolean') return obj.args.trustedcert; // If the status of the cert specified, use that.
|
if (typeof obj.args.trustedcert == 'boolean') return obj.args.trustedcert; // If the status of the cert specified, use that.
|
||||||
if (obj.args.tlsoffload != null) return true; // We are using TLS offload, a real cert is likely used.
|
if (obj.args.tlsoffload != null) return true; // We are using TLS offload, a real cert is likely used.
|
||||||
if (obj.parent.config.letsencrypt != null) return (obj.parent.config.letsencrypt.production === true); // We are using Let's Encrypt, real cert in use if production is set to true.
|
if (obj.parent.config.letsencrypt != null) return (obj.parent.config.letsencrypt.production === true); // We are using Let's Encrypt, real cert in use if production is set to true.
|
||||||
if (obj.certificates.WebIssuer.indexOf('MeshCentralRoot-') == 0) return false; // Our cert is issued by self-signed cert.
|
if ((typeof obj.certificates.WebIssuer == 'string') && (obj.certificates.WebIssuer.indexOf('MeshCentralRoot-') == 0)) return false; // Our cert is issued by self-signed cert.
|
||||||
if (obj.certificates.CommonName.indexOf('.') == -1) return false; // Our cert is named with a fake name
|
if (obj.certificates.CommonName.indexOf('.') == -1) return false; // Our cert is named with a fake name
|
||||||
return true; // This is a guess
|
return true; // This is a guess
|
||||||
}
|
}
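Review bot: With this guard, a web certificate whose issuer has no CN skips the `MeshCentralRoot-` test and, if its CommonName contains a dot, reaches `return true; // This is a guess`, so an issuer that cannot be identified is reported as trusted. If callers use this result to decide how strictly peers validate the server certificate (not visible in this hunk), the safer default is to treat a missing issuer CN as untrusted and let operators opt in through `trustedcert`, e.g. `if (typeof obj.certificates.WebIssuer != 'string') return false; // Issuer unknown, do not guess.` At minimum the line deserves a comment such as `// WebIssuer is null when the issuer has no CN; fall through to the CommonName heuristic.` The function begins above the hunk.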
|
||||||
|
|